chromepass[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

chromepass.zip
Size

195KB
MD5

3d734d1c43c7a77865d9ee437305dcc0
SHA1

64f8e4fd901e523e109440d1af6df3e463fb1193
SHA256

f7888584d6d41c5d8efe068e0f0e00aa8d7c93d3bd42c343ec0368ba893f0487
SHA512

267d06f1daeb5d4931cb75b0ecfc194947459b3a981f83edd80ecf562f165d36a659b7c532daf839a0a7fc87dabdf81524abc442dba0ea0977914f03c49c8941
SSDEEP

6144:LrZNJ61XshT7uK5Lxm+aFYAyjKZTZCNCx:L9N68hvfNxm+aFYAGKZ8c

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/ChromePass.exe	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ChromePass.exe

Files

chromepass.zip
.zip

Password: chpass9126*
ChromePass.chm
.chm
ChromePass.exe
.exe windows:4 windows x86 arch:x86

Password: chpass9126*

990dab8f5ab4abd17f4aa5b202ce585c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_purecall
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
wcstoul
_wcslwr
wcsrchr
modf
_wcsicmp
_snwprintf
wcsncat
realloc
_gmtime64
isalnum
toupper
atoi
_itow
_memicmp
memmove
strftime
isdigit
malloc
isspace
free
isxdigit
tolower
??3@YAXPAX@Z
??2@YAPAXI@Z
_wtoi
wcschr
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
memcpy
memset
_CIlog

comctl32

CreateStatusWindowW
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_ReplaceIcon
CreateToolbarEx

kernel32

ReadProcessMemory
GetCurrentProcess
SetErrorMode
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
CopyFileW
LoadResource
FindResourceW
GetSystemDirectoryW
GlobalAlloc
FindNextFileW
OpenProcess
GetModuleHandleA
ExitProcess
GetStartupInfoW
EnumResourceTypesW
GetModuleHandleW
WideCharToMultiByte
SetFilePointer
LeaveCriticalSection
DeleteCriticalSection
GetFileAttributesA
SetEndOfFile
GetCurrentThreadId
GetFileAttributesW
InterlockedIncrement
CloseHandle
ReadFile
QueryPerformanceCounter
DeleteFileW
CreateFileW
GetCurrentProcessId
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
UnlockFile
GetTempPathA
LockFile
GetSystemTime
AreFileApisANSI
GetLastError
GetTickCount
DeleteFileA
GetSystemTimeAsFileTime
WriteFile
LockFileEx
EnterCriticalSection
GetFullPathNameW
InitializeCriticalSection
GetFullPathNameA
CreateFileA
Sleep
GetFileSize
GetVersionExW
LocalAlloc
LocalFree
FreeLibrary
GetProcAddress
SystemTimeToFileTime
FileTimeToLocalFileTime
CompareFileTime
LoadLibraryW
FileTimeToSystemTime
LoadLibraryExW
FindClose
GetWindowsDirectoryW
SizeofResource
FormatMessageW
GlobalLock
LockResource
GetTimeFormatW
GetModuleFileNameW
GetDateFormatW
GetTempFileNameW
FindFirstFileW
GlobalUnlock

user32

GetMessageW
BeginDeferWindowPos
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
EndDeferWindowPos
DispatchMessageW
DrawTextExW
TranslateMessage
IsDialogMessageW
CreateDialogParamW
SendMessageW
GetSysColor
GetDlgItem
ReleaseDC
GetWindowTextW
GetDC
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
LoadCursorW
SetCursor
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
UpdateWindow
GetWindowRect
GetSystemMetrics
TranslateAcceleratorW
RegisterClassW
MessageBoxW
CreateWindowExW
DeferWindowPos
GetDlgItemInt
SendDlgItemMessageW
EndDialog
InvalidateRect
SetDlgItemInt
GetClientRect
SetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
LoadIconW
LoadImageW
SetWindowLongW
GetWindowLongW
SetFocus
GetMenuStringW
CloseClipboard
OpenClipboard
GetParent
GetMenuItemCount
GetSubMenu
MoveWindow
GetMenu
GetCursorPos
CheckMenuItem
SetClipboardData
EnableWindow
MapWindowPoints
EmptyClipboard
EnableMenuItem
GetClassNameW
EnumChildWindows
LoadStringW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
DialogBoxParamW
GetDlgCtrlID
DestroyMenu
DestroyWindow

gdi32

DeleteObject
SelectObject
SetTextColor
CreateFontIndirectW
GetDeviceCaps
GetTextExtentPoint32W
SetBkMode
GetStockObject
SetBkColor

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW

ole32

CoCreateGuid
CoInitialize
CoUninitialize

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

Password: chpass9126*

Password: chpass9126*

990dab8f5ab4abd17f4aa5b202ce585c

Headers

File Characteristics

Imports

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 292KB - Virtual size: 291KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 3KB - Virtual size: 19KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 292KB - Virtual size: 291KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 3KB - Virtual size: 19KB

.rsrc
Size: 14KB - Virtual size: 14KB